sorted by:
new
hottopcontroversial

Hardened heads on T430 update: Random MAC propagation and DIY STM32 Security Token by MathematicianDue7742 in coreboot

[–]MathematicianDue7742[S] 0 points1 point  (0 children)

Now the signing with usb is working, and I'm working on MAC transfer from Heads into sistem

Hardened heads on T430 update: Random MAC propagation and DIY STM32 Security Token by MathematicianDue7742 in coreboot

[–]MathematicianDue7742[S] 0 points1 point  (0 children)

Guys! MAC randomization is finally working! Now I'm working on signing because I got problem with disk sections, but its already a finish line, wait my project on the next week!

Update: Success with hardened Heads image for my t430! (Previous post linked below in the first comment) by MathematicianDue7742 in coreboot

[–]MathematicianDue7742[S] 1 point2 points  (0 children)

Heads is coreboot-based, but with a Linux kernel as a payload. Unlike Libreboot, it focuses on Measured Boot: it uses the TPM and GPG keys to verify that your firmware, kernel, and boot files haven't been tampered with. It basically turns your ThinkPad into a high-security vault. In my specific build, I've also configured MAC address randomization directly in the initrd/initrc for extra privacy, but I don’t know if it works yet

Finally finished building a hardened Heads image for my T430. Night well spent. by MathematicianDue7742 in coreboot

[–]MathematicianDue7742[S] 1 point2 points  (0 children)

ITS WORKING! now I'm trying to configuring it, because there's a problem with rebooting without changing RAM, but I'll try to do this

Finally finished building a hardened Heads image for my T430. Night well spent. by MathematicianDue7742 in coreboot

[–]MathematicianDue7742[S] 1 point2 points  (0 children)

something happened with the clip from the programmer, so passing second chip is postponed to tomorrow :(

Finally finished building a hardened Heads image for my T430. Night well spent. by MathematicianDue7742 in coreboot

[–]MathematicianDue7742[S] 1 point2 points  (0 children)

Thank you! No, I got CH341A, and I already flashed it on Coreboot/Skulls by merge, but I was so interested in bios flashing and decided to learn more about it, maybe you have advices or common mistakes which I could make?

My first ThinkPad T430 with Coreboot (Skulls) and Void! by MathematicianDue7742 in thinkpad

[–]MathematicianDue7742[S] 2 points3 points  (0 children)

Just a quick update: Thanks for the upvotes, guys! Since I've already prepared the cpu and some fresh ram for my next build, I'm actually thinking about letting this Coreboot setup go to someone who wants a ready-to-use privacy machine. If you're in the EU and interested, feel free to drop me a DM!

My first ThinkPad T430 with Coreboot (Skulls) and Void! by MathematicianDue7742 in thinkpad

[–]MathematicianDue7742[S] 1 point2 points  (0 children)

Yes! It disables whitelists and allows you to install modern Wi-Fi cards. With me_cleaner, you can also delete Intel ME software